package com.tyf.bookreader.handler;

import com.tyf.bookreader.component.LoginUser;
import com.tyf.bookreader.exception.BrException;
import com.tyf.bookreader.service.RedisService;

import java.io.IOException;
import java.util.Objects;

/**
 * @Description TODO
 * @Author shallow
 * @Date 2023/5/2 17:23
 */

import com.tyf.bookreader.utils.JwtUtil;
import io.jsonwebtoken.Claims;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.OncePerRequestFilter;

@Component
public class AuthenticationTokenFilter extends OncePerRequestFilter {
    @Autowired
    private RedisService redisService;

    public AuthenticationTokenFilter() {
    }

    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
        String token = request.getHeader("Authorization");
        if (!StringUtils.hasLength(token)) {
            filterChain.doFilter(request, response);
        } else {
            String userId;
            try {
                Claims claims = JwtUtil.parseJWT(token);
                userId = claims.getSubject();
            } catch (Exception var8) {
                throw new BrException("token不合法");
            }

            LoginUser loginUser = (LoginUser)this.redisService.get("login:token:" + userId);
            if (Objects.isNull(loginUser)) {
                throw new RuntimeException("当前用户未登录");
            } else {
                UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(loginUser, null, loginUser.getAuthorities());
                SecurityContextHolder.getContext().setAuthentication(authentication);
                filterChain.doFilter(request, response);
            }
        }
    }
}
